fix: require auth for file upload and add 50MB size limit (#87)

* refactor: extract inline middleware from index.ts into separate modules

- Extract update middleware to routes/update.ts
- Extract health middleware and version logic to routes/health.ts
- Extract shutdown logic to services/shutdown.ts
- Extract gateway init to services/gateway-bootstrap.ts
- Remove unused variables, fix duplicate app creation
- Bump version to 0.4.0

index.ts: 260 lines → 80 lines

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: require auth for file upload and add 50MB size limit

Fixes #86

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
ekko
2026-04-21 07:43:05 +08:00
committed by GitHub
parent c1b4e6d596
commit 21296a416b
2 changed files with 15 additions and 6 deletions
+14 -5
@@ -1,8 +1,10 @@
import Router from '@koa/router'
import { randomBytes } from 'crypto'
import { mkdir, writeFile } from 'fs/promises'
import { writeFile } from 'fs/promises'
import { config } from '../config'
const MAX_UPLOAD_SIZE = 50 * 1024 * 1024 // 50MB
export const uploadRoutes = new Router()
uploadRoutes.post('/upload', async (ctx) => {
@@ -20,11 +22,18 @@ uploadRoutes.post('/upload', async (ctx) => {
return
}
await mkdir(config.uploadDir, { recursive: true })
// Read raw body as Buffer
// Read raw body as Buffer with size limit
const chunks: Buffer[] = []
for await (const chunk of ctx.req) chunks.push(chunk)
let totalSize = 0
for await (const chunk of ctx.req) {
totalSize += chunk.length
if (totalSize > MAX_UPLOAD_SIZE) {
ctx.status = 413
ctx.body = { error: `File too large (max ${MAX_UPLOAD_SIZE / 1024 / 1024}MB)` }
return
}
chunks.push(chunk)
}
const raw = Buffer.concat(chunks)
const boundaryBuf = Buffer.from(boundary)
const parts = splitMultipart(raw, boundaryBuf)
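Review bot: The new size check in the `for await` loop only trips once close to 50MB has already been buffered, and a request that declares an oversized `Content-Length` is still read until it crosses the limit. Reject on the declared length before the loop, e.g. `if ((ctx.request.length ?? 0) > MAX_UPLOAD_SIZE) { ctx.status = 413; ctx.body = { error: 'File too large' }; return }`, and keep the streaming counter as the backstop for chunked bodies. Returning from inside the loop also ends iteration of `ctx.req` early, which in Node normally destroys the unfinished request stream, so it is worth testing that the client actually receives the 413 rather than a reset connection. Separately, the `mkdir(config.uploadDir, { recursive: true })` call is dropped here while `writeFile` remains imported; unless the directory is now created elsewhere, the first upload on a fresh install would presumably fail. The handler starts before and continues past this hunk.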
+1 -1
@@ -51,7 +51,7 @@ export async function authMiddleware(token: string | null) {
const path = ctx.path.toLowerCase()
if (
path === '/health' ||
(!path.startsWith('/api') && !path.startsWith('/v1') && path !== '/webhook')
(!path.startsWith('/api') && !path.startsWith('/v1') && path !== '/webhook' && path !== '/upload')
) {
await next()
return
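Review bot: The added `path !== '/upload'` is an exact string match, so `/upload/` still falls into the unauthenticated branch; if the upload router keeps @koa/router's default non-strict matching (it is created with `new Router()` and no options), that trailing-slash form would presumably still reach the handler without a token. The same applies to the existing `/webhook` comparison. Normalise before comparing, e.g. `const path = ctx.path.toLowerCase().replace(/\/+$/, '') || '/'`, or invert the condition into an explicit list of public paths so that new routes are protected by default. A test that posts to `/upload/` without a token and expects a rejection would pin this. authMiddleware begins and ends outside the hunk.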